diff --git a/AUTHORS b/AUTHORS index aba1e22f4..d8973f29f 100644 --- a/AUTHORS +++ b/AUTHORS @@ -32,6 +32,7 @@ Hiroki Kiyohara Jens Timmerman Jerome Leclanche Jim Graham +Jonas Nygaard Pedersen Jonathan Steffan Jun Zhou Kristian Rune Larsen diff --git a/CHANGELOG.md b/CHANGELOG.md index e7b0e35cb..c28031a26 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -19,9 +19,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ### Added * #712, #636, #808. Calls to `django.contrib.auth.authenticate()` now pass a `request` to provide compatibility with backends that need one. - + ### Fixed * #524 Restrict usage of timezone aware expire dates to Django projects with USE_TZ set to True. +* #955 Avoid doubling of `oauth2_provider` urls mountpath in json response for OIDC view `ConnectDiscoveryInfoView`. + Breaks existing OIDC discovery output ## [1.5.0] 2021-03-18 diff --git a/oauth2_provider/views/oidc.py b/oauth2_provider/views/oidc.py index ac3a2a172..00c8c3fa4 100644 --- a/oauth2_provider/views/oidc.py +++ b/oauth2_provider/views/oidc.py @@ -1,4 +1,5 @@ import json +from urllib.parse import urlparse from django.http import HttpResponse, JsonResponse from django.urls import reverse 
@@ -32,12 +33,15 @@ def get(self, request, *args, **kwargs):
 )
 jwks_uri = request.build_absolute_uri(reverse("oauth2_provider:jwks-info"))
 else:
- authorization_endpoint = "{}{}".format(issuer_url, reverse("oauth2_provider:authorize"))
- token_endpoint = "{}{}".format(issuer_url, reverse("oauth2_provider:token"))
+ parsed_url = urlparse(oauth2_settings.OIDC_ISS_ENDPOINT)
+ host = parsed_url.scheme + "://" + parsed_url.netloc
+ authorization_endpoint = "{}{}".format(host, reverse("oauth2_provider:authorize"))
+ token_endpoint = "{}{}".format(host, reverse("oauth2_provider:token"))
 userinfo_endpoint = oauth2_settings.OIDC_USERINFO_ENDPOINT or "{}{}".format(
- issuer_url, reverse("oauth2_provider:user-info")
+ host, reverse("oauth2_provider:user-info")
 )
- jwks_uri = "{}{}".format(issuer_url, reverse("oauth2_provider:jwks-info"))
+ jwks_uri = "{}{}".format(host, reverse("oauth2_provider:jwks-info"))
+
 signing_algorithms = [Application.HS256_ALGORITHM]
 if oauth2_settings.OIDC_RSA_PRIVATE_KEY:
 signing_algorithms = [Application.RS256_ALGORITHM, Application.HS256_ALGORITHM]
diff --git a/tests/presets.py b/tests/presets.py
index da1577bf4..214f804ef 100644
--- a/tests/presets.py
+++ b/tests/presets.py
@@ -9,8 +9,8 @@
 DEFAULT_SCOPES_RO = {"DEFAULT_SCOPES": ["read"]}
 OIDC_SETTINGS_RW = {
 "OIDC_ENABLED": True,
- "OIDC_ISS_ENDPOINT": "http://localhost",
- "OIDC_USERINFO_ENDPOINT": "http://localhost/userinfo/",
+ "OIDC_ISS_ENDPOINT": "http://localhost/o",
+ "OIDC_USERINFO_ENDPOINT": "http://localhost/o/userinfo/",
 "OIDC_RSA_PRIVATE_KEY": settings.OIDC_RSA_PRIVATE_KEY,
 "SCOPES": {
 "read": "Reading scope",
diff --git a/tests/test_oidc_views.py b/tests/test_oidc_views.py
index 3e3a5538c..5cbae5402 100644
--- a/tests/test_oidc_views.py
+++ b/tests/test_oidc_views.py
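Review bot: `host` is built from `parsed_url.scheme` and `parsed_url.netloc` without checking that either is non-empty, so an `OIDC_ISS_ENDPOINT` written without a scheme (for example `localhost/o`) parses to an empty scheme and netloc, and every endpoint in the `else:` branch is published as `://` plus the reversed path. Relying parties take the authorization, token and JWKS locations from this document, so a bad setting should fail loudly rather than yield unusable URLs; a guard right after the `urlparse` call would do it, e.g. `if not (parsed_url.scheme and parsed_url.netloc): raise ImproperlyConfigured("OIDC_ISS_ENDPOINT must be an absolute URL")`, which needs `from django.core.exceptions import ImproperlyConfigured`. Dropping the issuer's path also assumes `reverse()` already returns the full public path; if a deployment relied on the issuer's path prefix to reach these endpoints, which the visible lines cannot rule out, the published URLs change, so a short comment stating that the path is discarded on purpose would help. The body of `get` starts and ends outside the hunk.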
@@ -12,10 +12,10 @@ class TestConnectDiscoveryInfoView(TestCase):
 def test_get_connect_discovery_info(self):
 expected_response = {
- "issuer": "http://localhost",
+ "issuer": "http://localhost/o",
 "authorization_endpoint": "http://localhost/o/authorize/",
 "token_endpoint": "http://localhost/o/token/",
- "userinfo_endpoint": "http://localhost/userinfo/",
+ "userinfo_endpoint": "http://localhost/o/userinfo/",
 "jwks_uri": "http://localhost/o/.well-known/jwks.json",
 "response_types_supported": [
 "code",